- This topic has 6 replies, 5 voices, and was last updated 8 years, 2 months ago by
.
-
Posts
-
-
-
I can’t think of anything else besides the Simple ASP.NET Forms piece of the OWASP Broken Web Applications Project: http://g0tmi1k.blogspot.com/2011/03/vulnerable-by-design.html
Creating your own vulnerable app would always be a good project 8)
-
-
@Jamie.R wrote:
Making your own would be a great way to learn. I don’t think you will find any that use Microsoft products unless you pay for it. I know elearn have a few sites but you need to pay for their labs.
This hasn’t been the case for awhile. You can get the express versions of their development tools and SQL Server for free. Licensing obviously prevents a convenient all-in-one VM from being distributed, but it’s a minimal amount of work to install IIS, SQL Server Express, and copy the application files over.
-
I haven’t tried this yet so I don’t know if it’s any good or not.
VulnApp (.NET): http://www.nth-dimension.org.uk/blog.php?id=88
-
-
I came across this blog post by Raul Siles (a SANS instructor for the SEC542 “Web App Penetration Testing and Ethical Hacking” course) whilst looking for the Acunetix link:
http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html
It has a really good list of vulnerable web apps.
-
- You must be logged in to reply to this topic.
